View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Leadership
  2. Digital Transformation
June 13, 2016updated 17 Oct 2016 11:54am

Wireless cars need wireless security

By John Oates

As more and more manufacturers begin to add communication and internet technology to their devices so the need for different kinds of security is increased.

A well-known car manufacturer is the latest to come unstuck when it comes to making sure that new functions on their vehicles come with security designed in. As technology increasingly moves into ever more devices it is vital that best security practise follows suit.

Many car makers now use mobile apps on phones to control aspects of the car. Along with keyless security these provide a new vector for thieves and hackers to exploit. These systems usually use a GSM module in the car to communicate with a cloud service. Your phone, and app, then communicate via that to talk to the car.

The problem with latest security hole was that the car provided its own Wi-Fi access point. Researchers used a brute force attack to crack the code within four days using a simple laptop. By spending about £1,000 on cloud computing power they could do this almost instantly.

This allowed them to switch off the car’s alarm system and control some other functions but not to start or drive the vehicle.
The Wi-Fi function would also allow a potential thief to track or geolocate the vehicle.

So they can find the car and then switch off its alarm. Once inside the vehicle thieves would have access to the car’s diagnostic port which provides yet another vector for possible attack.

There is nothing very shocking about this latest vulnerability – almost every car maker has now been caught out.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

It is not just cars – security researchers have raised fears about increasing functions and vulnerabilities of other types of technology too – Internet of Things devices have been criticised for weak security.

Individually this might seem unimportant – there is limited harm can someone do from controlling a temperature sensor or from turning on my car’s lights.

But the lesson from enterprise security is that any weak point in a network will be exploited.
This is not just a problem for consumers. As businesses increasingly turn to the IoT technologies and rely on wireless technology so it needs to change the way it thinks security.

You need to think about security at the very start of any project, it needs to be designed in from the ground up, not just added on later.
But that is the beginning of the process, not the end.

Security is about thinking about new threats as well as responding to more familiar foes. It needs to be a circular system which accepts that attacks will happen and reacts to learn from those attacks in order to continually strengthen defences.

Security needs to move and change as quickly as the attackers do. That means looking forward as well as keeping a close eye on who and what is on your network already.

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU